Stored Cross-Site Scripting (XSS) in Magento Customer Address Upload Feature

Stored Cross-Site Scripting (XSS) in Magento Customer Address Upload Feature

CVE-2021-21030 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a stored cross-site scripting (XSS) in the customer address upload feature. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Exploitation of this issue requires user interaction.

Learn more about our User Device Pen Test.